CN104954118B - A kind of mimicry encryption method and system encoded based on vector network with DES - Google Patents
A kind of mimicry encryption method and system encoded based on vector network with DES Download PDFInfo
- Publication number
- CN104954118B CN104954118B CN201510251536.5A CN201510251536A CN104954118B CN 104954118 B CN104954118 B CN 104954118B CN 201510251536 A CN201510251536 A CN 201510251536A CN 104954118 B CN104954118 B CN 104954118B
- Authority
- CN
- China
- Prior art keywords
- matrix
- scrambled
- ciphertext
- rank
- intermediate sequence
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The present invention provides a kind of mimicry encryption method and system encoded based on vector network with DES, is favorably improved the prevention ability of system, and can reduce overhead.Methods described includes:S1, big matrix V NC encryptions:Plaintext x is encoded using VNC, generation intermediate sequence z1;S2, des encryption:Using DES to the intermediate sequence z1It is encrypted, generation intermediate sequence z2;S3, minor matrix VNC are encrypted:Using VNC to the intermediate sequence z2Encoded, generation ciphertext y;S4, key dynamically updates:Enter Mobile state renewal to the ciphertext y, generate new ciphertext y ' and key.The system includes:Big matrix V NC ciphering units, des encryption unit, minor matrix VNC ciphering units and key dynamic update unit.The present invention is applied to encryption technology field.
Description
Technical field
The present invention relates to encryption technology field, a kind of mimicry encryption side encoded based on vector network with DES is particularly related to
Method and system.
Background technology
In recent years, with computer high speed development and hardware spending continuous decline, brute force attack for iteration be grouped
Cracking for classical data encryption standards (Data Encryption Standard, DES) becomes more and more effectively in password, but
It is that DES still has in extremely good incomputability, the des encryption variant that presently, there are for analytical attack, double DES
Seem very fragile when being encrypted in face of man-in-the-middle attack, can not reach that multi-enciphering improves the purpose of computation complexity substantially;
Key length is increased to 112 when triple des are encrypted in face of man-in-the-middle attack, just at present, this encryption method is
Safety, and be widely used, but it has the disadvantage that time-consuming, expense is big.
At present, network code theoretical (Vector Network Coding, VNC) is encoded by traditional scalar network sends out
Emerging vector network coding is opened up, it is characterized in that data are no longer using single character to be single when being transmitted on network topological diagram
Position, but the character vector of L dimensions carries out coding transmission for unit.Analyzed from safety perspective, VNC key sequences are with matrix side
Formula is arranged, and its finite field considers to be typically chosen GF (2) for practicality, then the matrix that L dimensional vectors can be constituted under the conditions of being somebody's turn to do
Number is 2L×L, then for 64 data encryptions --- even at least 16 bit encryptions, all have well for brute force attack
Incomputability.Meanwhile, VNC is clearly a Linear codes encryption system, however, because linear dependence is easy to analysis, if
Linear relationship is only presented in secret key bits in one cipher system, then the key will be quite dangerous.It is apparent that by VNC decrypted originals
Reason is understood, at most obtains the plaintext-ciphertext pair equal with encryption digit, it is possible to is easily cracked VNC, i.e. VNC and is attacked for analysis
Hit extremely dangerous, prevention ability is poor.
The content of the invention
The technical problem to be solved in the present invention is to provide it is a kind of based on vector network encode and DES mimicry encryption method and
System, the problem of time-consuming, expense big and VNC prevention abilities are poor is encrypted to solve the triple des present in prior art.
Add in order to solve the above technical problems, the embodiment of the present invention provides a kind of mimicry based on vector network coding and DES
Decryption method, including:
S1, big matrix V NC encryptions:Plaintext x is encoded using VNC, generation intermediate sequence z1;
S2, des encryption:Using DES to the intermediate sequence z1It is encrypted, generation intermediate sequence z2;
S3, minor matrix VNC are encrypted:Using VNC to the intermediate sequence z2Encoded, generation ciphertext y;
S4, key dynamically updates:Enter Mobile state renewal to the ciphertext y, generate new ciphertext y ' and key.
Alternatively, the S1 includes:
S11, the binary sequence m that coding generation length is K is carried out to plaintext x using VNC0m1m2…mK, by the binary sequence
Arrange m0m1m2…mKIt is divided intoIndividual length is LaGroup:m1,m2,…,
S12, judges whether K can be by LaDivide exactly, if so, then performing S13;If it is not, then adding 0 completion last group
Remaining bit, it is L to form lengthaComplete packet, be further added by a packet the size that stores and represent significance bit, then
Perform S13;
S13, determines LaAn approximate number Da;
S14, generates a L at randoma/DaRank GF (2Da)-scrambled matrix A;
S15, trip current A whether full rank:If so, then performing S16;S14 is performed if it is not, then returning, until the square of generation
Battle array A full ranks;
S16, determines any one D on two element field GF (2)aRank primitive polynomial, according to predefined computing by matrix A
In each GF (2Da) element representation is into a DaRank GF (2)-matrix, forms LaRank GF (2)-full rank scrambled matrix Ka;
S17, judges DaWhether it is 1, if so, then performing S18;If it is not, then expanded keys space;
S18, determines L successivelyaLong packet, and by each packet of determination successively with scrambled matrix KaDo product and obtain centre
Sequence z1。
Alternatively, the expanded keys space includes:
Directly generate LaRank GF (2)-permutation matrix, to scrambled matrix KaCarry out direct replacement;Or,
In generation scrambled matrix KaDuring, ranks displacement is first done to matrix A or to DaRank GF (2)-matrix does ranks and put
Change, so as to scrambled matrix KaCarry out indirectlyby displacement.
Alternatively, the S2 includes:
To the intermediate sequence z1Cutting packet is carried out, and according to 64 des encryption methods to the intermediate sequence z after packet1
It is encrypted, generation intermediate sequence z2。
Alternatively, the S3 includes:
S31, by the intermediate sequence z2Length is divided into for LcGroup, determine that can divide exactly a LcInteger Dc;
S32, generates a L at randomc/DcRank GF (2Dc)-scrambled matrix C;
S33, trip current C whether full rank:If so, then performing S34;S32 is performed if it is not, then returning, until the square of generation
Battle array C full ranks;
S34, determines any one D on two element field GF (2)cRank primitive polynomial, according to predefined computing by Matrix C
In each GF (2Dc) element representation is into a DcRank GF (2)-matrix, forms the L based on GF (2)cRank full rank scrambled matrix Kc;
S35, determines L successivelycLong packet, and by each packet of determination successively with scrambled matrix KcDo product and obtain ciphertext
y。
Alternatively, the S4 includes:
S41, passes through scrambled matrix KcInverse matrix the anti-solutions of ciphertext y are obtained into intermediate sequence z2;
S42, the intermediate sequence z is redefined according to S3 method2The length L of packetd, primitive polynomial, and generate Ld
Rank GF (2)-new full rank scrambled matrix Kd, and by the intermediate sequence z2With scrambled matrix KdDo product and obtain new KdCiphertext y ';
S43, while storing KdKey is updated as new scrambled matrix.
Alternatively, the S4 includes:
S44, random generation one has the same order scrambled matrix D of identical extension field with Matrix C;
S45, trip current D whether full rank:If so, then performing S46;S44 is performed if it is not, then returning, until the square of generation
Battle array D full ranks;
S46, according to S3 parameter, matrix D is expressed as and KcSame order GF (2)-new full rank scrambled matrix Kd;
S47, by ciphertext y and scrambled matrix KdDo product and obtain new ciphertext y ', and by scrambled matrix KcWith scrambled matrix Kd
Product is done, its result is stored as new scrambled matrix and key is updated.
Alternatively, the S4 includes:
S48, random generation and scrambled matrix KcThe permutation matrix K of same order, scrambled matrix KcGF (2)-full is obtained with K products
Order scrambled matrix Kd;
S49, by ciphertext y and scrambled matrix KdDo product and obtain new ciphertext y ', and by scrambled matrix KcWith scrambled matrix Kd
Product is done, its result is stored as new scrambled matrix and key is updated.
Alternatively, include after the S4:
It is plaintext x by the ciphertext y ' decryption after the stay of two nights receives the ciphertext y ' that information source is sent;
It is described to include the ciphertext y ' decryption for plaintext x:
The ciphertext y ' is done into product with the inverse matrix of corresponding scrambled matrix and obtains intermediate sequence z2;
By intermediate sequence z2Carry out reversing key schedule to obtain intermediate sequence z1;
By intermediate sequence z1Product, which is done, with the inverse matrix of corresponding scrambled matrix obtains plaintext x;
If it is meaningful to decrypt obtained plaintext, receives, otherwise, then abandon the plaintext and carry out error handle.
The embodiment of the present invention also provides a kind of mimicry encryption system encoded based on vector network with DES, including:
Big matrix V NC ciphering units, for being encoded using VNC to plaintext x, generate intermediate sequence z1;
Des encryption unit, for utilizing DES to the intermediate sequence z1It is encrypted, generation intermediate sequence z2;
Minor matrix VNC ciphering units, for utilizing VNC to the intermediate sequence z2Encoded, generation ciphertext y;
Key dynamic update unit, updates for entering Mobile state to the ciphertext y, generates new ciphertext y ' and key.
The above-mentioned technical proposal of the present invention has the beneficial effect that:
In such scheme, plaintext x is encoded by big matrix V NC encryption methods, generation intermediate sequence z1, improve this
The ability of invention resistance brute force attack;Non-linear elements are introduced to intermediate sequence z followed by DES itself S- boxes1It is encrypted,
Generate intermediate sequence z2, improve the ability of present invention resistance analytical attack;Plan is easily achieved by minor matrix VNC encryption methods again
The characteristics of state changes is to the intermediate sequence z2Encoded, generate ciphertext y, so that for present invention introduces mimicry security feature,
Finally enter Mobile state renewal to the ciphertext y, generate new ciphertext y ' and key, so as to further improve the mimicry peace of the present invention
Omnicharacteristic.So, the present invention is safe using the anti-brute force attack characteristic and mimicry of attack resistance characteristic and the VNC encryption of des encryption
Characteristic, it is possible to increase the ability of present invention resistance attack, while compared to the triple des encryption system applied at present, the present invention
Three re-encryptions provided --- by the vector network coding encrypting square for using different scales respectively on the both sides of des encryption process
Battle array, has the advantages that renewal speed is fast, overhead is low, adaptable to network environment.
Brief description of the drawings
Fig. 1 is the method flow provided in an embodiment of the present invention encoded based on vector network with DES mimicry encryption method
Figure;
The specific implementation method flow chart that Fig. 2 is S1 in Fig. 1;
The specific implementation method flow chart that Fig. 3 is S2 and S3 in Fig. 1;
The specific implementation method flow chart that Fig. 4 is S4 in Fig. 1.
Embodiment
To make the technical problem to be solved in the present invention, technical scheme and advantage clearer, below in conjunction with accompanying drawing and tool
Body embodiment is described in detail.
The present invention encrypts the problem of time-consuming, expense big and VNC prevention abilities are poor for existing triple des, proposes one
The network information transfer with mimicry security feature or the encryption technology of network information storage are planted, it is espespecially a kind of to be based on vector network
The mimicry encryption method and system of coding and DES.
For preferably the present invention will be described, first introduce the present invention used in finite field elements matrix represent and
Its to generate non-singular matrix efficiency influence and mimicry network security.
Mimicry network security concept is a kind of network security new thinking and new technology.Traditional computer Passive Defence it is congenital
Inferior position often leads to feel simply helpless once by new virus attack.Network dynamic and add pseudo-randomness active prevent
It is imperial, mimicry calculating elements are imported, make leak, back door more difficult using information, it is possible to decrease attacker utilizes the reliability of information.
The intrinsic randomness of mimicry network, dynamic and uncertainty, have blocked what current attack technology was relied on to a certain extent
Chain integrality is attacked, prevention ability of the computer for potential threat can be fundamentally improved.Vector network coding (VNC) passes through
Using flexible and changeable scrambled matrix, the mimicry angle changing that exactly can store and transmit data from network system realizes plan
The potential network transporting mechanism of state safety.
Vector network coding theory is pointed out:The matrix that finite field is added on basic coding is represented, can make Vector Network
Network coding has more preferable mimicry security feature.From Kai Lai-Hamilton (Cayley-Hamilton) theorem, finite field
D rank extension field GF (p on GF (p)D) can be represented by following matrix form:Determine any one GF (p)-D rank primitive polynomials
Formula, obtains the polynomial D ranks adjoint matrix K, such GF (pD)={ 0, K, K2…,KpD–1=I }, wherein domain operation can use square
Battle array computing is represented.Different primitive polynomials can obtain different generation members, so as to obtain the different matrix tables to D rank extension fields
Show form.It is apparent that under conditions of former scrambled matrix dimension is constant, internal cryptographic element can not use base field as needed
GF (2), but use the multistage extension field of the base field.First, the rank of the extension field and primitive polynomial can flexibly determine and
It is easy to calculate and changes;Secondly, for choosing matrix, encrypt-decrypt process is completed, it is desirable to the necessary full rank of matrix, by
Network code relevant knowledge is understood:Non-singular matrix occur probability distribution meet geometry distribution, if in matrix optional element by
Base field is changed into extension field, then alternative matrix number tails off, and the non-singular matrix probability chosen is bigger, and system effectiveness is got over
It is high.
Embodiment one
Referring to shown in Fig. 1, the mimicry encryption method provided in an embodiment of the present invention encoded based on vector network with DES is wrapped
Include:
S1, big matrix V NC encryptions:Plaintext x is encoded using VNC, generation intermediate sequence z1;
S2, des encryption:Using DES to the intermediate sequence z1It is encrypted, generation intermediate sequence z2;
S3, minor matrix VNC are encrypted:Using VNC to the intermediate sequence z2Encoded, generation ciphertext y;
S4, key dynamically updates:Enter Mobile state renewal to the ciphertext y, generate new ciphertext y ' and key.
Being encoded based on vector network described in the embodiment of the present invention and DES mimicry encryption method, are added by big matrix V NC
Decryption method is encoded to plaintext x, generation intermediate sequence z1, improve the ability of present invention resistance brute force attack;Followed by DES
Itself S- box introduces non-linear elements to intermediate sequence z1It is encrypted, generation intermediate sequence z2, improve present invention resistance analysis and attack
The ability hit;The characteristics of mimicry changes is easily achieved to the intermediate sequence z by minor matrix VNC encryption methods again2Compiled
Code, generates ciphertext y, so that present invention introduces mimicry security feature, finally to enter Mobile state renewal to the ciphertext y, generation is new
Ciphertext y ' and key so that further improve the present invention mimicry security feature.So, the present invention utilizes the anti-of des encryption
Attack the anti-brute force attack characteristic and mimicry security feature of characteristic and VNC encryptions, it is possible to increase the ability of present invention resistance attack,
Simultaneously compared to the triple des encryption system applied at present, three re-encryptions that the present invention is provided --- by des encryption process
Both sides respectively use different scales vector network coding encrypting matrix, with renewal speed is fast, overhead is low, to network
The advantage of strong environmental adaptability.
It is alternatively, described in the embodiment of the foregoing mimicry encryption method based on vector network coding and DES
S1 includes:
S11, the binary sequence m that coding generation length is K is carried out to plaintext x using VNC0m1m2…mK, by the binary sequence
Arrange m0m1m2…mKIt is divided intoIndividual length is LaGroup:m1,m2,…,
S12, judges whether K can be by LaDivide exactly, if so, then performing S13;If it is not, then adding 0 completion last group
Remaining bit, it is L to form lengthaComplete packet, be further added by a packet the size that stores and represent significance bit, then
Perform S13;
S13, determines LaAn approximate number Da;
S14, generates a L at randoma/DaRank GF (2Da)-scrambled matrix A;
S15, trip current A whether full rank:If so, then performing S16;S14 is performed if it is not, then returning, until the square of generation
Battle array A full ranks;
S16, determines any one D on two element field GF (2)aRank primitive polynomial, according to predefined computing by matrix A
In each GF (2Da) element representation is into a DaRank GF (2)-matrix, forms LaRank GF (2)-full rank scrambled matrix Ka;
S17, judges DaWhether it is 1, if so, then performing S18;If it is not, then expanded keys space;
S18, determines L successivelyaLong packet, and by each packet of determination successively with scrambled matrix KaDo product and obtain centre
Sequence z1。
Referring to shown in Fig. 2, in the embodiment of the present invention, it is the two of K that coding generation length is carried out to plaintext x first with VNC
Metasequence m0m1m2…mK, by the binary sequence m0m1m2…mKIt is divided intoIndividual length is LaGroup:m1,m2,…,It is determined that whether K can be by LaDivide exactly, if K can not be by LaDivide exactly, then last group of packetLength
N meets addition 0<n<La, then need to be in last groupAdd (La- n) individual 0 carry out completion last groupRemaining bit,
Make last groupIt is L to form a lengthaComplete packet, a length is further added by afterwards for LaPacket store
With the size for representing n values;
It is then determined LaAn approximate number Da;And a L is generated at randoma/DaRank GF (2Da)-scrambled matrix A;Afterwards, sentence
Set matrix A whether full rank:If matrix A not full rank, needs to generate a L at random againa/DaRank GF (2Da)-scrambled matrix A,
Until the matrix A full rank of generation;
Any one D on two element field GF (2) is determined againaRank primitive polynomial, according to GF (2Da) matrix representation forms
By the GF of each in matrix A (2Da) element representation is into a DaRank GF (2)-matrix, so as to obtain LaRank GF (2)-full rank encryption
Matrix Ka;
DaIt is determined that after, judge DaWhether it is 1, if Da=1, then without to scrambled matrix KaEnter line replacement;Otherwise, then pair plus
Close matrix KaEnter line replacement, so that expanded keys space;
Finally, L is determined successivelyaLong packet ma,By with scrambled matrix LaProduct is done, in obtaining
Between sequenceThe intermediate sequence z1ByIndividual LaLong sub- intermediate sequence structure
Into.
In the embodiment of the present invention, block length LaArbitrary value may be selected in (also referred to as encrypting dimension), but typically uses 2nMake
For block length, the main purpose for carrying out S1 encryptions is the ability for improving present invention resistance brute force attack, and due to S1 encryptions
Infrequently change, in order to increase the ability of resistance brute force attack, therefore block length LaHigher value is selected as far as possible, for example, can select
The block length selected is 32,64,128 etc., as block length LaDuring less than 16, it is difficult to reach resistance brute force attack, when packet length
Spend LaWhen length is excessive, the difficulty of matrix operation can be increased, increase overhead.
As block length LaIt is determined that afterwards, DaSelection need to divide exactly La, because the probability distribution that non-singular matrix occurs is met
Geometry is distributed, and works as Da=1, extension field GF (2Da) base field is deteriorated to, now optional La×LaAt most, quantity is 2 to matrix numberLa ×La, now computation complexity is high, obtains non-singular matrix speed slowly, but security becomes higher;Work as Da=LaWhen, extension field is
GF(2La), now, each of which non-zero entry all can be by a full rank La×LaMatrix is represented, once it is determined that primitive polynomial,
Just corresponding adjoint matrix can be instantly available, the matrix is the generator matrix of extension field, while also certain full rank, is now
Computation complexity of uniting is low, obtains non-singular matrix speed soon, but because optional matrix number is contracted to 2La, security of system can drop
It is low.DaThe selection of value is efficiency and the safe obtained result that meets each other half way.
In the embodiment of the present invention, in generation scrambled matrix KaDuring, the randomness that VNC parameters are chosen ensure that every time
It can obtain different ciphertexts even if identical plaintext x is encrypted (ciphertext is intermediate sequence z1), it is equivalent to " one time one
It is close ", random number generator (RNG) design is eliminated, the integrality of information is protected so that attacker is difficult to look in a stream
Substitution attack is completed to rule.In S4, when being refreshed completely to key, La、DaAll selectively sent out with primitive polynomial
Changing.
It is alternatively, described in the embodiment of the foregoing mimicry encryption method based on vector network coding and DES
Expanded keys space includes:
Directly generate LaRank GF (2)-permutation matrix, to scrambled matrix KaCarry out direct replacement;Or,
In generation scrambled matrix KaDuring, ranks displacement is first done to matrix A or to DaRank GF (2)-matrix does ranks and put
Change, so as to scrambled matrix KaCarry out indirectlyby displacement.
In the embodiment of the present invention, for expanded keys space, there are three kinds of modes to increase LaRank full rank scrambled matrix Ka's
Number:
1. directly generate LaRank GF (2)-permutation matrix, is realized to scrambled matrix KaDirect replacement;
2. generating a La/DaRank GF (2DaAfter)-scrambled matrix A, L is utilizeda/DaRank permutation matrix realizes the row of matrix A
Rank transformation, is realized to scrambled matrix KaIndirectlyby displacement;
3. the multiple D of selectionaRank primitive polynomial, can obtain the identical extension field that different non-singular matrixs are represented, it is in the nature
To DaRank GF (2)-matrix does ranks displacement, realizes to scrambled matrix KaCarry out indirectlyby displacement.
It is apparent that 2,3 be 1 special implementation.
It is alternatively, described in the embodiment of the foregoing mimicry encryption method based on vector network coding and DES
S2 includes:
To the intermediate sequence z1Cutting packet is carried out, and according to 64 des encryption methods to the intermediate sequence z after packet1
It is encrypted, generation intermediate sequence z2。
Referring to shown in Fig. 3, in the embodiment of the present invention, using 64 DES methods to intermediate sequence z1It is encrypted, in obtaining
Between sequence z2, the encryption length used in S2 is unrelated with VNC encryptions block length, only need to be to intermediate sequence z1Cutting packet is carried out,
Afterwards according to 64 classical des encryption methods to the intermediate sequence z after packet1It is encrypted.S2 is by using DES itself S- boxes
Introduce non-linear elements so that the present invention has more preferable effect when resisting analytical attack.
It is alternatively, described in the embodiment of the foregoing mimicry encryption method based on vector network coding and DES
S3 includes:
S31, by the intermediate sequence z2Length is divided into for LcGroup, determine that can divide exactly a LcInteger Dc;
S32, generates a L at randomc/DcRank GF (2Dc)-scrambled matrix C;
S33, trip current C whether full rank:If so, then performing S34;S32 is performed if it is not, then returning, until the square of generation
Battle array C full ranks;
S34, determines any one D on two element field GF (2)cRank primitive polynomial, according to predefined computing by Matrix C
In each GF (2Dc) element representation is into a DcRank GF (2)-matrix, forms the L based on GF (2)cRank full rank scrambled matrix Kc;
S35, determines L successivelycLong packet, and by each packet of determination successively with scrambled matrix KcDo product and obtain ciphertext
y。
Referring to shown in Fig. 3, in the embodiment of the present invention, using VNC to intermediate sequence z2Encoded, obtain ciphertext y.S3 with
S1 is similar, first by the intermediate sequence z2Length is divided into for LcGroup, and determine one can divide exactly LcInteger Dc, at random
Generate a Lc/DcRank GF (2Dc)-scrambled matrix C;
It is determined that Matrix C whether full rank:If Matrix C not full rank, needs to generate a L at random againc/DcRank GF
(2Dc)-scrambled matrix C, until the Matrix C full rank of generation;
Any one D on two element field GF (2) is determined againcRank primitive polynomial, according to finite field gf (2Dc) matrix table
Show form by the GF of each in Matrix C (2Dc) element representation is into a DcRank GF (2)-matrix, forms the L based on GF (2)cRank is expired
Order scrambled matrix Kc;
Finally, L is determined successivelycLong packet, and by each packet of determination successively with scrambled matrix KcDo product and obtain ciphertext
y。
In the embodiment of the present invention, again using VNC to intermediate sequence z2The main purpose that generation ciphertext y is encrypted exists
In being easily achieved the characteristics of mimicry changes using VNC more preferable mimicry security feature is introduced for system.In order to ensure safety, with
S1, S2 are compared, and ciphering process can more frequently be carried out by system in S3, with increase the dynamic of system data, uncertainty with
Non-standing.Block length L is encrypted in order to reduce VNC in overhead, S3cSelection should be smaller, for example, can select 32 or
16, block length LcIt is determined that afterwards, further determining extension field exponent number DcAnd primitive polynomial, improve the flexibility of system.
It is alternatively, described in the embodiment of the foregoing mimicry encryption method based on vector network coding and DES
S4 includes:
S41, passes through scrambled matrix KcInverse matrix the anti-solutions of ciphertext y are obtained into intermediate sequence z2;
S42, the intermediate sequence z is redefined according to S3 method2The length L of packetd, primitive polynomial, and generate Ld
Rank GF (2)-new full rank scrambled matrix Kd, and by the intermediate sequence z2With scrambled matrix KdDo product and obtain new KdCiphertext y ';
S43, while storing KdKey is updated as new scrambled matrix.
In the embodiment of the present invention, to ensure safety, it is necessary to limit the use duration of key, so periodically must refresh completely
Key, but refresh keys expense completely is much greater compared to Local hydrodynamic unit key, so the present invention is close by Local hydrodynamic unit
Key ensures security of system.Referring to shown in Fig. 4, the present invention provides three kinds of update modes and realizes Local hydrodynamic unit key and more Xinmi City
Literary y so that system has more preferable mimicry security feature.
Referring to shown in Fig. 4, generally, pass through scrambled matrix KcInverse matrix the anti-solutions of ciphertext y are obtained into intermediate sequence
z2;Method according still further to S3 redefines the intermediate sequence z2The length L of packetd, primitive polynomial, and generate L at randomdRank
GF (2)-new full rank scrambled matrix Kd, and by the intermediate sequence z2With scrambled matrix KdDo product and obtain new ciphertext y ', simultaneously
Store KdKey is updated as new scrambled matrix.Now, the scrambled matrix structure retrieved, with the encryption in S3
Matrix structure and parameter are all very different, and have so as to embody VNC and encrypt the matrix form used in ciphering process
Flexible and changeable property, with great mimicry security feature.
It is alternatively, described in the embodiment of the foregoing mimicry encryption method based on vector network coding and DES
S4 includes:
S44, random generation one has the same order scrambled matrix D of identical extension field with Matrix C;
S45, trip current D whether full rank:If so, then performing S46;S44 is performed if it is not, then returning, until the square of generation
Battle array D full ranks;
S46, according to S3 parameter, K is expressed as by matrix DcSame order GF (2)-new full rank scrambled matrix Kd;
S47, by ciphertext y and scrambled matrix KdDo product and obtain new ciphertext y ', and by scrambled matrix KcWith scrambled matrix Kd
Product is done, its result is stored as new scrambled matrix and key is updated.
Referring to shown in Fig. 4, in order to improve encryption efficiency, it is relatively low, safe that the embodiment of the present invention additionally provides two kinds of complexities
The slightly worse update mode of property, the update mode includes:Method one and method two.Methods described one, without solving ciphertext y is counter
To intermediate sequence z2, do not change the L in S3 yetc、DcAnd primitive polynomial, one need to be only generated at random has identical expansion with Matrix C
Open up the same order scrambled matrix D in domain, and trip current D whether full rank, if matrix D not full rank, needs to regenerate one and Matrix C
Same order scrambled matrix D with identical extension field, until the matrix D full rank of generation, and according to S3 parameter (in namely S3
Lc、DcAnd primitive polynomial), matrix D is expressed as KcSame order GF (2)-new full rank scrambled matrix Kd;Finally, by ciphertext y with adding
Close matrix KdDo product and obtain new ciphertext y ', and by scrambled matrix KcWith scrambled matrix KdProduct is done, its result is stored as new
Scrambled matrix is simultaneously updated to key.Compared with S1, S2, the renewal speed of the key in S4 is mutually more frequent so that attack
If person can not attacker only cracks again in shorter time breaking cryptographic keys, and after key updating, this hair is further increased
Bright security.
It is alternatively, described in the embodiment of the foregoing mimicry encryption method based on vector network coding and DES
S4 includes:
S48, random generation and scrambled matrix KcThe permutation matrix K of same order, scrambled matrix KcGF (2)-full is obtained with K products
Order scrambled matrix Kd;
S49, by ciphertext y and scrambled matrix KdDo product and obtain new ciphertext y ', and by scrambled matrix KcWith scrambled matrix Kd
Product is done, its result is stored as new scrambled matrix and key is updated.
Referring to shown in Fig. 4, methods described two is directly random to generate and scrambled matrix K without repeating encrypting step S3cTogether
The permutation matrix K of rank, scrambled matrix KcGF (2)-full rank scrambled matrix K is obtained with K productsd;Again by ciphertext y and scrambled matrix Kd
Do product and obtain new ciphertext y ', and by scrambled matrix KcWith scrambled matrix KdProduct is done, its result is stored as new scrambled matrix
And key is updated.Compared with S1, S2, the renewal speed of the key in S4 is more frequent so that if attacker can not be
Shorter time breaking cryptographic keys, and attacker only cracks again after key updating, further increases the security of the present invention.
The encryption method that the present invention is provided, combines the respective advantages of VNC and DES, and linear VNC uses two encryption dimensions
Degree and key sequence all different matrixes, nonlinear DES is protected from both direction, no matter attacker carried out from which direction it is poor
Computing is lifted, under the conditions of active computer, all be will sink among undying calculating.
The encryption method that the present invention is provided, realizes mimicry security feature.More slow key refreshes completely can be thorough
Change each step key (internal structure of scrambled matrix and element, DES keys);More quick key Local hydrodynamic unit is in order to carry
High system effectiveness, can complete providing for simple replacement of for key under conditions of matrix structure is not changed, and the two, which is combined, completes mimicry spy
The realization of property.
The encryption method that the present invention is provided, in the case where not increasing system overhead, has preferably suitable to environment
Ying Xing.By changing the relevant parameter of VNC encrypting steps, encryption system can realize the flat of different emphasis between efficiency and safety
Trackslip and change, be conducive to improving adaptability of the encryption system to varying environment.The realization of mimicry characteristic causes sustainable protection ability to obtain
To further raising, while compared to the triple des encryption system applied at present, efficiently change key sequence need not repeat to add
Close decryption, so as to reduce the overhead under mimicry safety condition.
The encryption method that the present invention is provided, for the development of following foreseeable computing capability, the encryption technology has more
Good adaptability and ductility.The extension of general encryption system key digit is difficult to accomplish, but the encryption method that the present invention is provided
Matrix dimensionality realization can be increased simply by, Comparatively speaking, the encryption method can be derived with stronger as needed
Resist the encryption system of brute force attack effect.
It is alternatively, described in the embodiment of the foregoing mimicry encryption method based on vector network coding and DES
Include after S4:
It is plaintext x by the ciphertext y ' decryption after the stay of two nights receives the ciphertext y ' that information source is sent;
It is described to include the ciphertext y ' decryption for plaintext x:
The ciphertext y ' is done into product with the inverse matrix of corresponding scrambled matrix and obtains intermediate sequence z2;
By intermediate sequence z2Carry out reversing key schedule to obtain intermediate sequence z1;
By intermediate sequence z1Product, which is done, with the inverse matrix of corresponding scrambled matrix obtains plaintext x;
If it is meaningful to decrypt obtained plaintext, receives, otherwise, then abandon the plaintext and carry out error handle.
Referring to shown in Fig. 4, in the embodiment of the present invention, start solution after the stay of two nights receives the ciphertext y ' that information source is sent
It is close, ciphertext y ' only need to be multiplied by respective encrypted inverse of a matrix matrix i.e. by plaintext x is obtained by the VNC anti-solutions of ciphertext y ' encrypted
Can, and DES due to design when be to be based on Feistel networks, thus decrypting process is substantially identical with ciphering process, only needs
The information that will be decrypted carries out reverse key schedule;If it is meaningful to decrypt obtained plaintext, receives, otherwise, then abandon this bright
Text simultaneously carries out error handle.The present invention has preferable recognition effect to the packet being tampered, based on adding that the present invention takes
Close mode, the probability that meaningful plaintext is obtained after distorting is very low:First, under the conditions of accidental enciphering, identical meanings are represented
Data sequence have no rule so that attacker can not targetedly destroy;Secondly, multi-enciphering ensure that attacker changes
During ciphertext, it is random and unknowable for the influence of plaintext.If what system discovery was obtained by decrypting is meaningless in plain text
, then it is assumed that it has been tampered, and then abandons the packet.
Embodiment two
The present invention also provides a kind of embodiment encoded based on vector network with DES mimicry encryption system, by
The mimicry encryption system based on vector network coding and DES provided in the present invention is encoded and DES with foregoing based on vector network
Mimicry encryption method embodiment it is corresponding, should be encoded based on vector network and DES mimicry encryption system can be with
The purpose of the present invention is realized by performing the process step in above method embodiment, thus it is above-mentioned based on Vector Network
Network encode and DES mimicry encryption method embodiment in explanation, be also applied for the present invention provide based on to
The embodiment of network code and DES mimicry encryption system is measured, will not in the embodiment below the present invention
Repeat again.
The embodiment of the present invention also provides a kind of mimicry encryption system encoded based on vector network with DES, including:
Big matrix V NC ciphering units, for being encoded using VNC to plaintext x, generate intermediate sequence z1;
Des encryption unit, for utilizing DES to the intermediate sequence z1It is encrypted, generation intermediate sequence z2;
Minor matrix VNC ciphering units, for utilizing VNC to the intermediate sequence z2Encoded, generation ciphertext y;
Key dynamic update unit, updates for entering Mobile state to the ciphertext y, generates new ciphertext y ' and key.
Being encoded based on vector network described in the embodiment of the present invention and DES mimicry encryption system, are added by big matrix V NC
Close unit is encoded to plaintext x, generation intermediate sequence z1, improve the ability of present invention resistance brute force attack;Followed by DES
Itself S- box introduces non-linear elements to intermediate sequence z1It is encrypted, generation intermediate sequence z2, improve present invention resistance analysis and attack
The ability hit;The characteristics of mimicry changes is easily achieved to the intermediate sequence z by minor matrix VNC ciphering units again2Compiled
Code, generates ciphertext y, so that present invention introduces mimicry security feature, finally to enter Mobile state renewal to the ciphertext y, generation is new
Ciphertext y ' and key so that further improve the present invention mimicry security feature.So, the present invention utilizes the anti-of des encryption
Attack the anti-brute force attack characteristic and mimicry security feature of characteristic and VNC encryptions, it is possible to increase the ability of present invention resistance attack,
Simultaneously compared to the triple des encryption system applied at present, three re-encryptions that the present invention is provided --- by des encryption process
Both sides respectively use different scales vector network coding encrypting matrix, with renewal speed is fast, overhead is low, to network
The advantage of strong environmental adaptability.
Described above is the preferred embodiment of the present invention, it is noted that for those skilled in the art
For, on the premise of principle of the present invention is not departed from, some improvements and modifications can also be made, these improvements and modifications
It should be regarded as protection scope of the present invention.
Claims (8)
1. a kind of mimicry encryption method encoded based on vector network with DES, it is characterised in that including:
S1, big matrix V NC encryptions:Plaintext x is encoded using VNC, generation intermediate sequence z1;Wherein, VNC represents Vector Network
Network is encoded;When big matrix represents to carry out VNC encryptions, the block length L of useaMore than or equal to the first preset value;
S2, des encryption:Using DES to the intermediate sequence z1It is encrypted, generation intermediate sequence z2;
S3, minor matrix VNC are encrypted:Using VNC to the intermediate sequence z2Encoded, generation ciphertext y;Wherein, minor matrix is represented
When carrying out VNC encryptions, the block length L of usecLess than or equal to the second preset value;
S4, key dynamically updates:Enter Mobile state renewal to the ciphertext y, generate new ciphertext y ' and key;
Wherein, the S1 includes:
S11, the binary sequence m that coding generation length is K is carried out to plaintext x using VNC0m1m2…mK, by the binary sequence
m0m1m2…mKIt is divided intoIndividual length is LaGroup:
S12, judges whether K can be by LaDivide exactly, if so, then performing S13;If it is not, then adding 0 completion last groupIt is surplus
Yu Wei, it is L to form a lengthaComplete packet, be further added by a packet the size that stores and represent significance bit, then perform
S13;
S13, determines LaAn approximate number Da;
S14, generates a L at randoma/DaRank GF (2Da)-scrambled matrix A;
S15, trip current A whether full rank:If so, then performing S16;S14 is performed if it is not, then returning, until the matrix A of generation expires
Order;
S16, determines any one D on two element field GF (2)aRank primitive polynomial, will be every in matrix A according to predefined computing
One GF (2Da) element representation is into a DaRank GF (2)-matrix, forms LaRank GF (2)-full rank scrambled matrix Ka;
S17, judges DaWhether it is 1, if so, then performing S18;If it is not, then expanded keys space;
S18, determines L successivelyaLong packet, and by each packet of determination successively with scrambled matrix KaDo product and obtain intermediate sequence
z1。
2. according to the method described in claim 1, it is characterised in that the expanded keys space includes:
Directly generate LaRank GF (2)-permutation matrix, to scrambled matrix KaCarry out direct replacement;Or,
In generation scrambled matrix KaDuring, ranks displacement is first done to matrix A or to DaRank GF (2)-matrix does ranks displacement,
So as to scrambled matrix KaCarry out indirectlyby displacement.
3. according to the method described in claim 1, it is characterised in that the S2 includes:
To the intermediate sequence z1Cutting packet is carried out, and according to 64 des encryption methods to the intermediate sequence z after packet1Carry out
Encryption, generation intermediate sequence z2。
4. according to the method described in claim 1, it is characterised in that the S3 includes:
S31, by the intermediate sequence z2Length is divided into for LcGroup, determine that can divide exactly a LcInteger Dc;
S32, generates a L at randomc/DcRank GF (2Dc)-scrambled matrix C;
S33, trip current C whether full rank:If so, then performing S34;S32 is performed if it is not, then returning, until the Matrix C of generation expires
Order;
S34, determines any one D on two element field GF (2)cRank primitive polynomial, will be every in Matrix C according to predefined computing
One GF (2Dc) element representation is into a DcRank GF (2)-matrix, forms the L based on GF (2)cRank full rank scrambled matrix Kc;
S35, determines L successivelycLong packet, and by each packet of determination successively with scrambled matrix KcDo product and obtain ciphertext y.
5. method according to claim 4, it is characterised in that the S4 includes:
S41, passes through scrambled matrix KcInverse matrix the anti-solutions of ciphertext y are obtained into intermediate sequence z2;
S42, the intermediate sequence z is redefined according to S3 method2The length L of packetd, primitive polynomial, and generate LdRank GF
(2)-new full rank scrambled matrix Kd, and by the intermediate sequence z2With scrambled matrix KdDo product and obtain new KdCiphertext y ';
S43, while storing KdKey is updated as new scrambled matrix.
6. method according to claim 4, it is characterised in that the S4 includes:
S44, random generation one has the same order scrambled matrix D of identical extension field with Matrix C;
S45, trip current D whether full rank:If so, then performing S46;S44 is performed if it is not, then returning, until the matrix D of generation expires
Order;S46, according to S3 parameter, K is expressed as by matrix DcSame order GF (2)-new full rank scrambled matrix Kd;
S47, by ciphertext y and scrambled matrix KdDo product and obtain new ciphertext y ', and by scrambled matrix KcWith scrambled matrix KdDo and multiply
Product, its result is stored as new scrambled matrix and key is updated.
7. method according to claim 4, it is characterised in that the S4 includes:
S48, random generation and scrambled matrix KcThe permutation matrix K of same order, scrambled matrix KcGF (2)-full rank is obtained with K products to add
Close matrix Kd;
S49, by ciphertext y and scrambled matrix KdDo product and obtain new ciphertext y ', and by scrambled matrix KcWith scrambled matrix KdDo and multiply
Product, its result is stored as new scrambled matrix and key is updated.
8. according to the method described in claim 1, it is characterised in that include after the S4:
It is plaintext x by the ciphertext y ' decryption after the stay of two nights receives the ciphertext y ' that information source is sent;
It is described to include the ciphertext y ' decryption for plaintext x:
The ciphertext y ' is done into product with the inverse matrix of corresponding scrambled matrix and obtains intermediate sequence z2;
By intermediate sequence z2Carry out reversing key schedule to obtain intermediate sequence z1;
By intermediate sequence z1Product, which is done, with the inverse matrix of corresponding scrambled matrix obtains plaintext x;
If it is meaningful to decrypt obtained plaintext, receives, otherwise, then abandon the plaintext and carry out error handle.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510251536.5A CN104954118B (en) | 2015-05-16 | 2015-05-16 | A kind of mimicry encryption method and system encoded based on vector network with DES |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510251536.5A CN104954118B (en) | 2015-05-16 | 2015-05-16 | A kind of mimicry encryption method and system encoded based on vector network with DES |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104954118A CN104954118A (en) | 2015-09-30 |
| CN104954118B true CN104954118B (en) | 2017-09-15 |
Family
ID=54168497
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510251536.5A Active CN104954118B (en) | 2015-05-16 | 2015-05-16 | A kind of mimicry encryption method and system encoded based on vector network with DES |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104954118B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106941407B (en) * | 2017-05-10 | 2020-07-24 | 人才有价(山东)有限公司 | Method and device for dynamically encrypting platform data |
| CN110995409B (en) * | 2020-02-27 | 2020-06-23 | 南京红阵网络安全技术研究院有限公司 | Mimicry defense arbitration method and system based on partial homomorphic encryption algorithm |
| CN111885013B (en) * | 2020-07-06 | 2022-04-26 | 河南信大网御科技有限公司 | Mimicry encryption communication module, system and method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101110944A (en) * | 2007-08-31 | 2008-01-23 | 湖北科创高新网络视频股份有限公司 | Method and apparatus for encrypting video data |
| CN102164367A (en) * | 2011-04-14 | 2011-08-24 | 北京理工大学 | Key management method used for wireless sensor network |
| CN102665206A (en) * | 2012-04-26 | 2012-09-12 | 北京邮电大学 | Network coding method for data collection of wireless sensor networks |
| CN103259643A (en) * | 2012-08-14 | 2013-08-21 | 苏州大学 | Matrix fully homomorphic encryption method |
| CN103634101A (en) * | 2013-12-03 | 2014-03-12 | 中国电子器材总公司 | Encryption processing method and encryption processing equipment |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011123575A1 (en) * | 2010-03-30 | 2011-10-06 | Engels Daniel W | Cryptographic processor with dynamic update of encryption state |
-
2015
- 2015-05-16 CN CN201510251536.5A patent/CN104954118B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101110944A (en) * | 2007-08-31 | 2008-01-23 | 湖北科创高新网络视频股份有限公司 | Method and apparatus for encrypting video data |
| CN102164367A (en) * | 2011-04-14 | 2011-08-24 | 北京理工大学 | Key management method used for wireless sensor network |
| CN102665206A (en) * | 2012-04-26 | 2012-09-12 | 北京邮电大学 | Network coding method for data collection of wireless sensor networks |
| CN103259643A (en) * | 2012-08-14 | 2013-08-21 | 苏州大学 | Matrix fully homomorphic encryption method |
| CN103634101A (en) * | 2013-12-03 | 2014-03-12 | 中国电子器材总公司 | Encryption processing method and encryption processing equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104954118A (en) | 2015-09-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kumar et al. | Development of modified AES algorithm for data security | |
| KR20190107044A (en) | Ambiguity Augmented Dynamic Security System | |
| Agrawal et al. | Elliptic curve cryptography with hill cipher generation for secure text cryptosystem | |
| Gautam et al. | An enhanced cipher technique using vigenere and modified caesar cipher | |
| Singh | Modified Vigenere encryption algorithm and its hybrid implementation with Base64 and AES | |
| Kaur et al. | 3D (4 X 4 X 4)-Playfair Cipher | |
| KR101095386B1 (en) | A Cryptosystem with a Discretized Chaotic Map | |
| CN104954118B (en) | A kind of mimicry encryption method and system encoded based on vector network with DES | |
| Joshy et al. | Text to image encryption technique using RGB substitution and AES | |
| Masoodi et al. | Symmetric Algorithms I | |
| Bhavani et al. | Modified AES using dynamic S-box and DNA cryptography | |
| Lee et al. | Pingpong-128, a new stream cipher for ubiquitous application | |
| Mohan et al. | Revised aes and its modes of operation | |
| Faraoun | Design of fast one-pass authenticated and randomized encryption schema using reversible cellular automata | |
| Acharya et al. | Involutory, permuted and reiterative key matrix generation methods for hill cipher system | |
| Umair | Comparison of Symmetric Block Encryption Algorithms | |
| Joshi et al. | A randomized approach for cryptography | |
| Wang et al. | Adaptive RSA encryption algorithm for smart grid | |
| Warjri et al. | KED-a symmetric key algorithm for secured information exchange using modulo 69 | |
| Hallappanavar et al. | Efficient implementation of AES by modifying S-Box | |
| Pirzada et al. | The parallel CMAC synthetic initialization vector algorithm implementation on FPGA | |
| Umamaheswaran et al. | An algorithm for encrypting/decrypting textual messages | |
| A ELTatar et al. | Modified Advanced Encryption Standard Algorithm for Reliable Real-Time Communications | |
| CN109409106A (en) | A kind of Shannon perfection time slot scrambling of novel infinite alphabet | |
| Mohammed et al. | A Proposed Non Feistel Block Cipher Algorithm |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20211110 Address after: 310000 room 1109, 11th floor, building 4, Yinhu Huayuan, Yinhu street, Fuyang District, Hangzhou City, Zhejiang Province Patentee after: Zhejiang Yisu Network Technology Co., Ltd Address before: No. 30 Xueyuan Road, Haidian District, Beijing 100083 Patentee before: Beijing University of science and technology |
|
| TR01 | Transfer of patent right |